lib/flex_array.c

/*
 * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include "ssl_locl.h"

#ifndef OPENSSL_NO_SRP
# include <openssl/srp.h>

int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
{
    if (ctx == NULL)
        return 0;
    OPENSSL_free(ctx->srp_ctx.login);
    OPENSSL_free(ctx->srp_ctx.info);
    BN_free(ctx->srp_ctx.N);
    BN_free(ctx->srp_ctx.g);
    BN_free(ctx->srp_ctx.s);
    BN_free(ctx->srp_ctx.B);
    BN_free(ctx->srp_ctx.A);
    BN_free(ctx->srp_ctx.a);
    BN_free(ctx->srp_ctx.b);
    BN_free(ctx->srp_ctx.v);
    memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx));
    ctx->srp_ctx.strength = SRP_MINIMAL_N;
    return (1);
}

int SSL_SRP_CTX_free(struct ssl_st *s)
{
    if (s == NULL)
        return 0;
    OPENSSL_free(s->srp_ctx.login);
    OPENSSL_free(s->srp_ctx.info);
    BN_free(s->srp_ctx.N);
    BN_free(s->srp_ctx.g);
    BN_free(s->srp_ctx.s);
    BN_free(s->srp_ctx.B);
    BN_free(s->srp_ctx.A);
    BN_free(s->srp_ctx.a);
    BN_free(s->srp_ctx.b);
    BN_free(s->srp_ctx.v);
    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
    s->srp_ctx.strength = SRP_MINIMAL_N;
    return (1);
}

int SSL_SRP_CTX_init(struct ssl_st *s)
{
    SSL_CTX *ctx;

    if ((s == NULL) || ((ctx = s->ctx) == NULL))
        return 0;

    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));

    s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg;
    /* set client Hello login callback */
    s->srp_ctx.TLS_ext_srp_username_callback =
        ctx->srp_ctx.TLS_ext_srp_username_callback;
    /* set SRP N/g param callback for verification */
    s->srp_ctx.SRP_verify_param_callback =
        ctx->srp_ctx.SRP_verify_param_callback;
    /* set SRP client passwd callback */
    s->srp_ctx.SRP_give_srp_client_pwd_callback =
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback;

    s->srp_ctx.strength = ctx->srp_ctx.strength;

    if (((ctx->srp_ctx.N != NULL) &&
         ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) ||
        ((ctx->srp_ctx.g != NULL) &&
         ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) ||
        ((ctx->srp_ctx.s != NULL) &&
         ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) ||
        ((ctx->srp_ctx.B != NULL) &&
         ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) ||
        ((ctx->srp_ctx.A != NULL) &&
         ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) ||
        ((ctx->srp_ctx.a != NULL) &&
         ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) ||
        ((ctx->srp_ctx.v != NULL) &&
         ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) ||
        ((ctx->srp_ctx.b != NULL) &&
         ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) {
        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_BN_LIB);
        goto err;
    }
    if ((ctx->srp_ctx.login != NULL) &&
        ((s->srp_ctx.login = OPENSSL_strdup(ctx->srp_ctx.login)) == NULL)) {
        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    if ((ctx->srp_ctx.info != NULL) &&
        ((s->srp_ctx.info = BUF_strdup(ctx->srp_ctx.info)) == NULL)) {
        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask;

    return (1);
 err:
    OPENSSL_free(s->srp_ctx.login);
    OPENSSL_free(s->srp_ctx.info);
    BN_free(s->srp_ctx.N);
    BN_free(s->srp_ctx.g);
    BN_free(s->srp_ctx.s);
    BN_free(s->srp_ctx.B);
    BN_free(s->srp_ctx.A);
    BN_free(s->srp_ctx.a);
    BN_free(s->srp_ctx.b);
    BN_free(s->srp_ctx.v);
    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
    return (0);
}

int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
{
    if (ctx == NULL)
        return 0;

    memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx));
    ctx->srp_ctx.strength = SRP_MINIMAL_N;

    return (1);
}

/* server side */
int SSL_srp_server_param_with_username(SSL *s, int *ad)
{
    unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
    int al;

    *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
    if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) &&
        ((al =
          s->srp_ctx.TLS_ext_srp_username_callback(s, ad,
                                                   s->srp_ctx.SRP_cb_arg)) !=
         SSL_ERROR_NONE))
        return al;

    *ad = SSL_AD_INTERNAL_ERROR;
    if ((s->srp_ctx.N == NULL) ||
        (s->srp_ctx.g == NULL) ||
        (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
        return SSL3_AL_FATAL;

    if (RAND_bytes(b, sizeof(b)) <= 0)
        return SSL3_AL_FATAL;
    s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
    OPENSSL_cleanse(b, sizeof(b));

    /* Calculate:  B = (kv + g^b) % N  */

    return ((s->srp_ctx.B =
             SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g,
                        s->srp_ctx.v)) !=
            NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL;
}

/*
 * If the server just has the raw password, make up a verifier entry on the
 * fly
 */
int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
                                const char *grp)
{
    SRP_gN *GN = SRP_get_default_gN(grp);
    if (GN == NULL)
        return -1;
    s->srp_ctx.N = BN_dup(GN->N);
    s->srp_ctx.g = BN_dup(GN->g);
    BN_clear_free(s->srp_ctx.v);
    s->srp_ctx.v = NULL;
    BN_clear_free(s->
Age	Commit message (Expand)	Author
2010-08-09	flex_array: add helpers to get and put to make pointers easy to use	Eric Paris
2010-04-24	flex_array: fix the panic when calling flex_array_alloc() without __GFP_ZERO	Changli Gao
2009-09-22	flex_array: add missing kerneldoc annotations	David Rientjes
2009-09-22	flex_array: introduce DEFINE_FLEX_ARRAY	David Rientjes
2009-09-22	flex_array: add flex_array_shrink function	David Rientjes
2009-09-22	flex_array: poison free elements	David Rientjes
2009-09-22	flex_array: add flex_array_clear function	David Rientjes
2009-08-26	flex_array: convert element_nr formals to unsigned	David Rientjes
2009-08-26	flex_array: fix flex_array_free_parts comment	David Rientjes
2009-08-26	flex_array: fix get function for elements in base starting at non-zero	David Rientjes
2009-08-04	flex_array: remove unneeded index calculation	Jonathan Corbet
2009-07-29	lib: flexible array implementation	Dave Hansen
/* * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html / #include <openssl/crypto.h> #include <openssl/rand.h> #include <openssl/err.h> #include "ssl_locl.h" #ifndef OPENSSL_NO_SRP # include <openssl/srp.h> int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st ctx) { if (ctx == NULL) return 0; OPENSSL_free(ctx->srp_ctx.login); OPENSSL_free(ctx->srp_ctx.info); BN_free(ctx->srp_ctx.N); BN_free(ctx->srp_ctx.g); BN_free(ctx->srp_ctx.s); BN_free(ctx->srp_ctx.B); BN_free(ctx->srp_ctx.A); BN_free(ctx->srp_ctx.a); BN_free(ctx->srp_ctx.b); BN_free(ctx->srp_ctx.v); memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx)); ctx->srp_ctx.strength = SRP_MINIMAL_N; return (1); } int SSL_SRP_CTX_free(struct ssl_st s) { if (s == NULL) return 0; OPENSSL_free(s->srp_ctx.login); OPENSSL_free(s->srp_ctx.info); BN_free(s->srp_ctx.N); BN_free(s->srp_ctx.g); BN_free(s->srp_ctx.s); BN_free(s->srp_ctx.B); BN_free(s->srp_ctx.A); BN_free(s->srp_ctx.a); BN_free(s->srp_ctx.b); BN_free(s->srp_ctx.v); memset(&s->srp_ctx, 0, sizeof(s->srp_ctx)); s->srp_ctx.strength = SRP_MINIMAL_N; return (1); } int SSL_SRP_CTX_init(struct ssl_st s) { SSL_CTX ctx; if ((s == NULL) \|\| ((ctx = s->ctx) == NULL)) return 0; memset(&s->srp_ctx, 0, sizeof(s->srp_ctx)); s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg; / set client Hello login callback / s->srp_ctx.TLS_ext_srp_username_callback = ctx->srp_ctx.TLS_ext_srp_username_callback; / set SRP N/g param callback for verification / s->srp_ctx.SRP_verify_param_callback = ctx->srp_ctx.SRP_verify_param_callback; / set SRP client passwd callback / s->srp_ctx.SRP_give_srp_client_pwd_callback = ctx->srp_ctx.SRP_give_srp_client_pwd_callback; s->srp_ctx.strength = ctx->srp_ctx.strength; if (((ctx->srp_ctx.N != NULL) && ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) \|\| ((ctx->srp_ctx.g != NULL) && ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) \|\| ((ctx->srp_ctx.s != NULL) && ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) \|\| ((ctx->srp_ctx.B != NULL) && ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) \|\| ((ctx->srp_ctx.A != NULL) && ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) \|\| ((ctx->srp_ctx.a != NULL) && ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) \|\| ((ctx->srp_ctx.v != NULL) && ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) \|\| ((ctx->srp_ctx.b != NULL) && ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) { SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_BN_LIB); goto err; } if ((ctx->srp_ctx.login != NULL) && ((s->srp_ctx.login = OPENSSL_strdup(ctx->srp_ctx.login)) == NULL)) { SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR); goto err; } if ((ctx->srp_ctx.info != NULL) && ((s->srp_ctx.info = BUF_strdup(ctx->srp_ctx.info)) == NULL)) { SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR); goto err; } s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask; return (1); err: OPENSSL_free(s->srp_ctx.login); OPENSSL_free(s->srp_ctx.info); BN_free(s->srp_ctx.N); BN_free(s->srp_ctx.g); BN_free(s->srp_ctx.s); BN_free(s->srp_ctx.B); BN_free(s->srp_ctx.A); BN_free(s->srp_ctx.a); BN_free(s->srp_ctx.b); BN_free(s->srp_ctx.v); memset(&s->srp_ctx, 0, sizeof(s->srp_ctx)); return (0); } int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st ctx) { if (ctx == NULL) return 0; memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx)); ctx->srp_ctx.strength = SRP_MINIMAL_N; return (1); } /* server side / int SSL_srp_server_param_with_username(SSL s, int ad) { unsigned char b[SSL_MAX_MASTER_KEY_LENGTH]; int al; ad = SSL_AD_UNKNOWN_PSK_IDENTITY; if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) && ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg)) != SSL_ERROR_NONE)) return al; ad = SSL_AD_INTERNAL_ERROR; if ((s->srp_ctx.N == NULL) \|\| (s->srp_ctx.g == NULL) \|\| (s->srp_ctx.s == NULL) \|\| (s->srp_ctx.v == NULL)) return SSL3_AL_FATAL; if (RAND_bytes(b, sizeof(b)) <= 0) return SSL3_AL_FATAL; s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL); OPENSSL_cleanse(b, sizeof(b)); / Calculate: B = (kv + g^b) % N / return ((s->srp_ctx.B = SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, s->srp_ctx.v)) != NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL; } / * If the server just has the raw password, make up a verifier entry on the * fly / int SSL_set_srp_server_param_pw(SSL s, const char user, const char pass, const char grp) { SRP_gN GN = SRP_get_default_gN(grp); if (GN == NULL) return -1; s->srp_ctx.N = BN_dup(GN->N); s->srp_ctx.g = BN_dup(GN->g); BN_clear_free(s->srp_ctx.v); s->srp_ctx.v = NULL; BN_clear_free(s->